PostgreSQL SSL

Setting up SSL for PostgreSQL export

When you select the SSL checkbox for PostgreSQL, three inputs appear, which allow you to enter the names of the secure keys and certificates needed to connect over SSL.

SSL Private Key (.key)

What it is: The private key is a secret key that is used in the SSL/TLS protocol to encrypt information before it is transmitted over the network. It is generated when you create a Certificate Signing Request (CSR) and should be kept private and secure at all times.

When you need it: Always. The private key is essential for the operation of SSL/TLS because it pairs with the public key contained within your SSL certificate. The server uses it to decrypt information that was encrypted with the public key by clients.

SSL Certificate (.crt)

What it is: The SSL certificate is a digital certificate that contains the public key and identity of the server. It is issued by a Certificate Authority (CA) after validating your domain and/or organization's details.

When you need it: Always. The SSL certificate is sent to clients during the SSL/TLS handshake process to establish a secure connection. It enables clients to verify the server's identity and to encrypt information using the public key that the server can then decrypt with its private key.

CA Certificate

What it is: A CA certificate is a digital certificate issued by a trusted Certificate Authority (CA). It certifies the ownership of a public key by the named subject of the certificate. This trusted certificate establishes the trustworthiness of your SSL certificate by association.

When you need it: The CA certificate (or a bundle of intermediate CA certificates) is often necessary when you need to establish a complete trust chain from your SSL certificate back to a trusted root CA certificate. This is crucial in scenarios where:

  • Client Authentication: If your server requires clients to authenticate themselves using certificates, you'll need the CA certificate to verify the client certificates.
  • Mutual TLS (mTLS): In mutual TLS scenarios, both client and server authenticate each other with certificates. The CA certificate is used to verify the client's certificate.
  • Intermediate Certificates: Sometimes, your SSL certificate is signed not directly by a root CA, but by an intermediate CA. Clients might not inherently trust this intermediate CA, so you provide the intermediate CA certificates (the CA cert you have) to help clients build a trust chain to a root CA that they do trust.
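
Before entering the three file names, it is worth confirming that the private key belongs to the certificate and that the certificate chains to the CA certificate. The script below is an added example, not part of the original page or the product; it assumes the openssl command-line tool (OpenSSL 1.1.0 or later) is installed, and the function names and demo file names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three SSL files before their names
# are entered. Function and file names are illustrative assumptions.

# True when the private key and the certificate hold the same public key.
key_matches_cert() {   # usage: key_matches_cert file.key file.crt
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# True when the certificate chains to the given CA file (a root, or a bundle
# of intermediates plus root). -no-CApath keeps the system trust store out of it.
cert_chains_to_ca() {  # usage: cert_chains_to_ca file.crt ca.crt
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs both checks and reports the first problem found.
check_ssl_files() {    # usage: check_ssl_files file.key file.crt ca.crt
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    cert_chains_to_ca "$2" "$3" || { echo "certificate does not chain to CA"; return 2; }
    echo "key, certificate and CA certificate are consistent"
}

# Constructed sample material: a throwaway CA, a certificate it signs, and an
# unrelated key, all written to directory $1.
make_demo_files() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/client.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Demo on the constructed files: the first call passes, the second reports a
# key that does not belong to the certificate.
demo_dir=$(mktemp -d) && make_demo_files "$demo_dir" && {
    check_ssl_files "$demo_dir/client.key" "$demo_dir/client.crt" "$demo_dir/ca.crt" || true
    check_ssl_files "$demo_dir/other.key" "$demo_dir/client.crt" "$demo_dir/ca.crt" || true
}
```

To check real files, call check_ssl_files with the paths of your own .key, .crt and CA certificate files in place of the demo files.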